Configure SAML Keys

To enable the Onegini IDP to sign SAML messages, and to expose a public certificate in its metadata so that other parties, either Identity Providers (IdPs) or
Service Providers (SPs), can use it for encryption, the Onegini IDP must be provided with keys.
This guide walks you through the process of creating and configuring an RSA key pair that will be used in the SAML flows.

What is required?

To successfully complete this topic guide, make sure the following prerequisites are met:

The above operation should be performed twice: once to generate the signing keys and once to generate the encryption keys.

Configure keys in the Onegini IDP

Once you have finished preparing the keys, you can configure them in the Onegini IDP. There are four configuration properties that must be defined to set
the signing and encryption keys for SAML.

Testing

Once the properties are configured, start (or restart) the Onegini IDP application. When it is up, check the SAML metadata advertised by the Onegini IDP
at https://idp-core.dev.onegini.me/saml/metadata and search for md:KeyDescriptor nodes. You should find public keys for both signing and encryption.
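The metadata check described above, automated as an added example (this is not Onegini code): it parses a SAML metadata document, reports which key uses are advertised, and returns the SHA-256 fingerprint of each certificate so it can be compared with the key pair you generated. The embedded metadata and its certificate bodies are constructed placeholders, not real X.509 data; `fetch_metadata` is a hypothetical helper for pulling the live document.

```python
import base64
import hashlib
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample metadata; the X509Certificate bodies are placeholder bytes, not real certificates.
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(b"SIGNINGCERT").decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{base64.b64encode(b"ENCRYPTIONCERT").decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def fetch_metadata(url: str = "https://idp-core.dev.onegini.me/saml/metadata") -> str:
    """Hypothetical helper: download the metadata the IDP advertises (network access required)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def describe_key_descriptors(metadata_xml: str) -> dict:
    """Map each key use ("signing"/"encryption") to the SHA-256 fingerprint and DER length of its certificate.

    Per the SAML 2.0 metadata specification a KeyDescriptor without a `use` attribute applies
    to both signing and encryption, so such a key is recorded under both uses.
    """
    root = ET.fromstring(metadata_xml)
    found = {}
    for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor"):
        cert_el = kd.find(".//ds:X509Certificate", NS)
        if cert_el is None or not (cert_el.text or "").strip():
            continue  # a descriptor with no certificate exposes nothing a peer can use
        der = base64.b64decode("".join(cert_el.text.split()))  # strip PEM-style line breaks
        info = {"sha256": hashlib.sha256(der).hexdigest(), "der_len": len(der)}
        use = kd.get("use")
        for u in ([use] if use else ["signing", "encryption"]):
            found.setdefault(u, info)
    return found


def has_signing_and_encryption_keys(metadata_xml: str) -> bool:
    """The check the Testing section asks for: both key uses are advertised in the metadata."""
    found = describe_key_descriptors(metadata_xml)
    return "signing" in found and "encryption" in found
```

Compare the reported fingerprint with `openssl x509 -in cert.pem -noout -fingerprint -sha256` on the certificate you configured to confirm the IDP is serving the intended key.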